59b833e6f40ff679743bc9499540f55bd04d8f08
[valtz.git] / README
1
2 valtz 0.7, ; (C) 2003 Magnus Bodin, http://x42.com/software/
3 ============================================================
4
5 Validation tool for tinydns-data zone files.
6
7 Usage:
8
9 Simple validation:
10 valtz [-qrRix] <zonefiles>
11
12 Simple filtering:
13 valtz -f[qrRiItTx] <zonefiles>
14
15 Extensive filtering:
16 valtz -F[qrRiItTx] <filterfiles>
17
18 General usage:
19 valtz [-hfFqrRiItTx] <file(s)>
20
21 -h shows this help.
22
23
24 -f filter (don't just validate) file and output accepted lines to STDOUT.
25
26
27 -F treat files as filter configuration files for more advanced filtering.
28 These filterfiles one or several of the following filter directives:
29
30 zonefile <zonefilepath>
31 zonefile file:<path to textfile including zonefilepaths>
32 Defines the file(s) to be filtered. Can be a globbed value, like
33 /var/zones/external/*
34
35 extralog <logfile>
36 Defines an extra logfile that the STDERR output will be copied for
37 this specific filterfile. Useful if you have a lot of filterfiles
38 and want to separate the logs.
39
40 deny <zonepattern>
41 deny file:<path to <zonepatternfile>
42 Defines a zonepattern to explicitly DENY after implicitly allowing all.
43 (cannot be combined with allow)
44
45 allow <zonepattern>
46 allow file:<path to <zonepatternfile>
47 Defines a zonepattern to explicitly ALLOW after implicitly denying all.
48
49 allowtype <recordtype character(s)>
50 Explicitly sets the allowed recordtypes. Note that even comments
51 has to be allowed (but these will not result in errors unless -t)
52 to be copied to the output.
53
54 Multiple zonefile, allow- and deny-lines are allowed, but also the
55 alternative file:-line that points to a textfile containing one
56 value per line.
57
58
59 -r allows fqdn to be empty thus denoting the root.
60 This is also allowed per default when doing implict allow - see deny,
61 or when specifying 'allow .', i.e. explictly allowing root as such.
62 (cannot be combined with deny)
63
64
65 -R relaxes the validation and allows empty mname and p-fields.xi
66 This is probably not very useful.
67
68
69 -i allows the ip-fields to be empty as well. These will then not generate any
70 records.
71
72
73 -I Include rejected lines as comments in output (valid when filtering).
74
75
76 -q Do not echo valid lines to STDOUT.
77
78 -s DO NOT ignore files ending with ,v ~ .bak .log .old .swp .tmp
79 which is done per default.
80
81
82 -t Give error even on #comment-lines when they are not allowed.
83 (These errors are silently ignored per default)
84
85
86 -T<types>
87 A commandline way to explicitly set the allowed recordtypes.
88 This is _concatenated_ to the allowtype-allowed recordtypes.
89
90 -x Exit with non-null exit code on errors; i.e. make errors detectable by
91 e.g. shell scripts; 1 = validation error, 2 = permission error,
92 3 = combination of 1 and 2.
93
94
95
96 All errors in the zonefiles are sent to STDERR.
97
98 Example; simple use:
99 valtz zone-bodin-org
100
101 Example; simple filter-use;
102 valtz -f /etc/zones/zone-*
103 >/etc/tinydns/data.filtered
104 2>/var/log/tinydns/valtz.log
105
106 Example; filterfile use;
107 valtz -F /etc/zones/filter/zones-otto
108 >/etc/tinydns/data.otto
109 2>/var/log/tinydns/valtz.log
110
111
112 Example filterfile for using as import from primary (as above):
113 zonefile /var/zones/external/otto/zone-*
114 deny bodin.org
115 deny x42.com
116 extralog /var/log/tinydns/external-otto.log
117
118 Example #2, strict filter for a certain user editing just A-records
119
120 zonefile /home/felix/zones/zone-fl3x-net
121 allow fl3x.net
122 allowtype +
123 extralog /var/log/tinydns/fl3x-net.log
124
125 Example #3, export filter to secondary
126
127 zonefile /var/zones/primary/zone-*
128 # just allow OUR zones to be exported, not to annoy secondary partner
129 allow file:/var/zones/primary-zones.txt
130 # don't allow any other types than this; e.g. comments won't be exported
131 allowtype Z + @ . C
132 extralog /var/log/tinydns/primary-export.log
133
134 Example #4, /etc/zones/minimalistic-filterfile
135
136 deny file:/etc/zones/primary-zones.txt
137 allowtype Z + @ . C
138
139 and on the commandline;
140
141 ssh remote.example.org cat /etc/export-zones.txt | \
142 valtz -F /etc/zones/minimalistic-filterfile \
143 >/etc/tinydns/remote.example.org-data \
144 2>/var/log/remote.example.org-zones.log
145
146
147 Please mail comments and errors and general feedback to <magnus@bodin.org>.
148
149
150 Thanks to
151 * Paul Jarc
152 * Otto Dandenell
153